I configured Gitea to authenticate against an AD server, and I'm receiving the following error:
[...dels/login_source.go:390 LoginViaLDAP()] [E] LDAP Connect error, my.ad.server.address.here:LDAP Result Code 200 "Network Error": read tcp <gitea host ip>:37590-><ad server ip>:389: read: connection reset by peer
What is strange to me is that the number 37590 in the example above always changes at each occurrence. Is it a port number? If true, how can I track it so I can whitelist it at the AD server firewall?
I'm a newbie in Go, so I can't figure out what's happening.
The 37590 that you see is the source port. It is the port that the server will use when replying and helps your computer know which application the response is for. It's normal for that to change on each request.
You are correct in thinking that this is a network problem. The error message "connection reset by peer" means that someone along the line (either a firewall along the path, or the host itself) closed the connection. (a little more detail here)
If it is a firewall that is not allowing you, then you need a rule allowing access from gitea host ip:any to ad server ip:389.
Related
I am using a call to ftp.exe to upload file to a FTP Server.
This program is running since many years and uploads to number of servers, so far without problems.
After one of the receiver servers has been updated, uploads are no longer possible.
This is the command sequence:
open ftp.xxx.de
<user>
<pw>
>230 User logged in, proceed
cd upload
bin
put <filename>
and in response to this the server replies:
501 PORT IP is not the same as 10.100.244.5
150 File Status okay, about to open Connection
That is it, after this the connection is stuck and gets closed after a certain timeout period.
Funny enough, a google search for "PORT IP is not the same as" return exactly one result, which explains that the IP seen by the server is different from the one expected.
Also, when using WinSCP, FileZilla or other FTP utility programs, the connection has no problem and does transfer files just fine.
So, why does this appear and how to solve it?
The ftp.exe uses an old-fashioned active mode command PORT, which requires the client to specify its IP address to which the FTP servers needs to connect back to open a data transfer connection.
If your are behind a firewall or a NAT, the client may not know its external IP address and uses its local network address. This causes troubles. Either the server fails to connect back as it obviously cannot connect to the client's local network. Or the server rejects the PORT command straight away, if the specified IP address does not match the IP address, from which the FTP client connects to the server. This is a security measure as the difference may indicate a man-in-the-middle attack. Your server does the validation. Some servers might be configured to ignore the IP address specified in the PORT command and connect to a known IP address of the client.
Another way to solve this is, if the firewall/NAT can inspect the FTP traffic and seamlessly modify the IP address in the PORT command. This is obviously not happening.
You do not get the problem with WinSCP or FileZilla, as these clients default to the passive FTP mode, which does not have the problem. Also in the active mode these clients can be configured to use the external IP address. FileZilla also supports the modern EPRT command, that does not need to specify the IP address at all (the server uses the known IP address of the client).
See my article about active/passive FTP mode for details.
I do not think there's any way to make it working with the Windows ftp.exe. It neither supports the passive mode, nor can be configured to use the external IP address, nor supports the EPRT command.
So unless you can configure the FTP server not to do the check and connect to the known IP address of the client or configure your firewall/NAT to modify the IP address in the PORT command, you have to use another FTP client.
As you know that WinSCP works, see the guide for converting the Windows ftp.exe script to WinSCP script.
(I'm the author of WinSCP)
I've been ripping my hair out for a few days over this and need help. I have a perforce server and an external client. Steps I've taken:
1. Opened port 1666 on my router (TCP and UDP) for my servers IP.
2. Allowed port 1666 through windows firewall.
3. I can connect to the perforce server from any system on the LAN by hostname or IP.
4. NETSTAT -a shows port 1666 is LISTENING.
5. External client can ping the server by external IP.
6. Internal client can telnet to the internal IP and port, external cannot.
I can not for the life of me figure out why the hell my external client cannot connect to the server. I am getting my external IP from "WhatsMyIP.org" and it matches my routers WAN address.
I have full on tried to disable windows firewall and still the same issue.
Please god someone help before I lose the rest of my hair.
EDIT1: I forgot to mention the error I am receiving from the external client:
Connect to server failed; check $P4PORT.
TCP connect to 99.252.60.60:1666 failed.
connect: 99.252.60.60:1666: WSAETIMEDOUT
You may want to take a look at your router's firewall rules in more detail.
I had a similar problem with my home setup that resulted in me having to modify some firewall settings on the router.
This KB also gives some information about the error:
http://answers.perforce.com/articles/KB/2960/
After working at this for three days, I found the issue with help from this forum post:
http://208.74.204.155/t5/forums/forumtopicpage/board-id/Getting_connected/thread-id/8923/page/1
My router model (Hitron Technologies CGN2-ROG) that I received from my ISP (Rogers up here in Canada) apparently doesn't play nice when it comes to port forwarding. With all of the EXACT same settings, I bridged that router to another spare I had laying around and it worked perfectly.
I literally just plugged in the new router and it worked without making any other changes at all.
I have googled and searched all over but I am still having trouble getting connected to a site using the ftpzilla
I am getting this read out when I try to connect to the server using the network connection wizard
Connecting to probe.filezilla-project.org
Response: 220 FZ router and firewall tester ready
USER FileZilla
Response: 331 Give any password.
PASS 3.9.0.6
Response: 230 logged on.
Checking for correct external IP address
Retrieving external IP address from
http://ip.filezilla-project.org/ip.php
Checking for correct external IP address IP 173.56.114.112
bhd-fg-bbe-bbc
Response: 200 OK
PREP 60010
Response: 200 Using port 60010, data token 1063172065
PORT 173,56,114,112,234,106
Response: 200 PORT command successful
LIST
Response: 150 opening data connection
Response: 503 Failure of data connection.
Server sent unexpected reply.
Connection closed
The weird thing is I only get this error for this particular server and the server I use for my personal site (namecheap.com) gives me no such error. Does anyone know why this may be happening? And please try not to point me to the network configuration wiki because I have read through that and I still am at this point.
PORT 173,56,114,112,234,106
....
Response: 503 Failure of data connection.
...
please try not to point me to the network configuration wiki
You are using active mode, that is the ftp client (FileZilla) waits for a connection from the server. Obviously the server can not connect to the client which indicates that something like a firewall restricts the connection.
Since according to your description this happens only with few servers, you either use only these servers with active mode or these servers are protected by firewalls which do not allow active mode. Have you tried with passive mode?
I had a similar issue connecting and made the following changes and had success.
Go to File>>>Site Manager>>>
For my site, I changed the Encryption to "Only use plain FTP(insecure)" and had success. May you find the same success.
I'm using BOOST-ASIO for a simple echo client-server (there is a separate link for the client and server). When I try to run the server I use this async_tcp_echo_server 4000. For the client I use blocking_tcp_echo_client #.#.#.# 4000 (with #.#.#.# as the ip address). I'm on XP-SP3 with my computer connected to my wireless dsl modem using a usb card. After a few seconds on the client side I get this error:
Exception: connect: A connection attempt failed because the connected party did
not properly respond after a period of time, or established connection failed be
cause connected host has failed to respond
Any ideas what it could be? I turned off my firewall including the windows firewall and still I get no response. Could my port be in the incorrect range? Do I need to include a computer name to specify the machine on the network( there are other machines on the network sometimes active)? I did try running this on another computer directly connected to the dsl modem and same issue. I did ping my address and that did work for 4/4 packets.
It could be a variety of issues. Thus, it can be worthwhile to use lower level networking tools, such as netcat to serve a port on the server, and try connecting with netcat from the client side. This can help simplify the problem by removing any potential problems introduced by an application's network programming code. If the problem is identified as being a network issue, then there are a few things to check:
Verify firewall exceptions on the server.
Verify firewall exceptions in the server's network gateway.
If the server and client are on different networks, with the client trying to connect to the server's external IP, then verify that the server's gateway knows what traffic to route to the server. This may require setting up rules, such as port forwarding, in the routing device.
If the server and client are on the same network, but the client is trying to connect to the server through the network's external IP, then verify that the gateway supports looping back internal traffic destined to the external IP.
Use a network analyzer tool, such as Wireshark, to verify that the time to live field in the packets is high enough that it will not be discarded.
you could try
$ telnet server-ip 4000
from your client and see if it is possible to establish the tcp connection.
First of all, sorry for my bad English : )
My Java application (multiplayer game server) uses this package to communicate with a web application in client's browser using websockets: https://github.com/TooTallNate/Java-WebSocket
I've encountered a problem running my application: only I can connect to the websocket server, clients on other hosts can't do so. In browser I estabilish connection as usual, address here is certainly correct:
new WebSocket("ws://"+serverIp+":8787");
When I connect from my own host to the websocket server running on the same host, it runs perfectly. When other hosts try to connect to me, connection in not being estabilished: in browser WebSocket objects's .readyState is 0 (whilst it should be 1), and even server does not recieve any handshakes (no output from onClientOpen in server console, I even tried to get any output from certain WebSocketServer class' methods).
Other hosts are still recieving, for example, static contents of web application from webserver on 80 port on the same host. Problem is not the closed 8787 port: I checked it, it's open.
What may be the reason that other host can't connect to my websocket server?
WebSockets uses a cross-origin permission system. You might need to tell you WebSocket server to accept connections from more than just your local host. The verification of Origin happens during the WebSocket handshake which likely happens prior to onclientOpen.